
Hackers Are Targeting You Via Your Hotel Bookings With a Major Scam

Travelers all over the world are affected.

Sophisticated scams have taken over daily life. According to the Federal Trade Commission, social media scams from January 2021 to June 2023 cost consumers $2.7 billion, while scams on websites and apps have led to losses of $2 billion.

There are multiple cons targeting travelers: fake hotels/accommodations, “free vacation” marketing, canceled flights and bookings, and vacation packages from illegitimate companies. It is getting increasingly difficult to detect a scam and it’s been revealed that one of the world’s largest hotel booking websites may not be immune from scammers. 

Booking.com has been drawing flak from consumers over the past year for its lack of security measures to protect users from scams. TikTok users have been alleging that dodgy emails and messages from the official portal are swindling people out of hundreds of dollars, and it’s becoming increasingly common to fall prey to them.


What’s Going On?

Booking.com insists that it has not been hacked, but hackers are targeting individual hotels that use the portal. Booking.com warns its hotel partners that criminals are using phishing techniques to gain access to guest data. Phishing is a cyberattack in which hackers pretend to be someone else in order to steal data.

“Fraudsters may attempt to mimic our emails in order to phish your username and password for the purposes of taking over your account. These phishing emails can lead to a webpage that looks very similar to the Booking.com Extranet login page–but if you look at the URL address bar, you’ll notice differences,” Booking.com explains in its warning.


Hackers first send the hotel an email asking it to click on a link that downloads malware, reports BBC News. The hacker steals customer reservation data, credit card information, and other details. The imposter then pretends to be the hotel and messages guests with another payment link, sent from the real Booking.com website or app with a booking.com id. For users, it’s almost impossible to detect that it’s not the hotel but a criminal behind the email or message.

The Australian Competition and Consumer Commission (ACCC) revealed that Booking.com scams have surged 580% since last year, resulting in losses of $337,000. 

In one particular incident, a consumer was contacted by a hotel she booked in Turkey; she was informed that she needed to confirm her payment details or her reservation would be canceled. She clicked on the link and provided her card details, which were not accepted, and she was asked to make a bank transfer. Later, a legitimate representative called to tell her that their system had been hacked and it was not, in fact, the hotel representatives she was corresponding with. She told ABC News, “They could see me talking to people, but it wasn’t them. They said they couldn’t get into the system to tell me to stop talking to them.”

The hackers used her credit card to make hotel bookings worth $25,000, but her bank refunded her the amount. The hotel that was fraudulently booked under her name told her that scammers use stolen cards to book rooms and later ask to be refunded to another card. Booking.com, however, didn’t offer much help after she complained. 

Some consumers in the U.K. were also targeted in a similar fashion and believed the message was legitimate as it came in the ongoing chat, but they haven’t been able to recover money from the website or their bank.

These scams were also reported in Singapore last year. Experts theorized then that hotel login credentials could also be compromised and that’s how hackers may be getting access to guest data. The BBC also reported that hackers are using the dark web to find victims, offering as much as $2,000 for hotel login details.

The company said in a statement that there was no silver bullet to deal with internet frauds and they were monitoring and stopping threats. “We are implementing new measures to assure the account security of both our customers and partners, including new security features to lock or block inactive partner admin accounts, which is where we have seen fraudulent activity take place once scammers get unauthorized access to the hotel’s Booking account.”

How to Prevent Scams

In 2023, 39,527 travel-related scams were reported in the U.S., totaling $78.2 million—which is lower than 2022’s figure of $105.1 million. It has become a challenging part of travel planning because the burden has fallen on the consumer to protect themselves and fight for their money.

The most important thing to remember is that anything can be faked. If someone has hacked the hotel portal, they would know your name, your reservation details, and your other information, so it’s easy to be conned. 

If you receive a suspicious email or communication, you should contact the hotel directly to confirm if the message came from them. Similarly, if you receive a phone call from a hotel asking for information, do not volunteer it–instead, hang up, find the direct telephone of the hotel via their official website, and call them. Do not use the phone number included in any suspicious emails or communications.

Representatives impersonating hotel staff may make things seem urgent–this is your first red flag. Clicking on links is also discouraged, especially if they don’t take you to the official website. You should also check all URLs thoroughly; scammers do a great job mimicking websites, but you may be able to detect a character missing here or there in the URL.

And lastly, report the scam to the Federal Trade Commission. 

If you are scammed–know that it’s not your fault; you’re the victim. These are very sophisticated scams and they are hard to detect, so don’t beat yourself up.

2 Comments
jacketwatch February 3, 2024

There have been times when I've gotten a scam from my bank supposedly. The scammers copy the bank's login page and it looks just like the real thing. They want you to log in and steal your credentials.